RE: RE: The sky is falling! XML's dirty secret! Go back!It's

To: "Simon St.Laurent" <simonstl@s...>,<xml-dev@l...>
Subject: RE: RE: The sky is falling! XML's dirty secret! Go back!It's a trap!
From: "Joshua Allen" <joshuaa@m...>
Date: Thu, 30 May 2002 20:35:34 -0700
Thread-index: AcIILfJYg0L2zT+FQmuQmo7F20/TqwAI/8EA
Thread-topic: RE: The sky is falling! XML's dirty secret! Go back!It's a trap!

Play the video

For people interested in the topic, Amir Herzberg did an article
"Securing XML" in March 2002 Dr. Dobbs Journal, which unfortunately I
cannot find online.  If you grab the print version, be sure to read the
letters to editor in the following issue of DDJ for some corrections
from other experts.  The article covers the theoretical difficulties in
making the encryption truly secure and talks about how the candidate
recommendation addresses them: http://www.w3.org/TR/xmlenc-core/.  I'm
not an expert on crypto, but the article and responses convinced me that
the crypto experts have put a lot of effort into this. 

> -----Original Message-----
> From: Simon St.Laurent [mailto:simonstl@s...]
> Sent: Thursday, May 30, 2002 4:07 PM
> To: xml-dev@l...
> 
> On Thu, 2002-05-30 at 18:46, Mike Champion wrote:
> > I don't know much about encryption, but from reading about
> > cryptanalysis in WWWII it would appear that having a "crib"
> > (a bit of known plaintext) is a useful shortcut to breaking a
cipher.
> > The tags in an XML message are likely to be known (or easily
> > guessable) by an attacker.  So, a straightforward encryption of
> > an entire XML message might be considerably less secure than
> > an encryption of a non-self-describing message.
> 
> I wonder if you could turn that to your advantage by encrypting
> [element] content using different mechanisms on a per-element basis,
and
> leaving the structure in plaintext.  That would leave attackers with a
> skeleton but only small bits of content to analyze.
> 
> Dunno.  It likely depends on the algorithm used as well as the level
of
> repetition in the content, and attributes are a problem as usual.
> 
> --
> Simon St.Laurent
> Ring around the content, a pocket full of brackets
> Errors, errors, all fall down!
> http://simonstl.com
> 
> 
> -----------------------------------------------------------------
> The xml-dev list is sponsored by XML.org <http://www.xml.org>, an
> initiative of OASIS <http://www.oasis-open.org>
> 
> The list archives are at http://lists.xml.org/archives/xml-dev/
> 
> To subscribe or unsubscribe from this list use the subscription
> manager: <http://lists.xml.org/ob/adm.pl>

Prev by Date: Question: Plugins in XML?!!!
Next by Date: Re: Different Validation in XML Spy 4.2, 4.3 and 4.4
Previous by thread: Question: Plugins in XML?!!!
Next by thread: RE: XML Schema: Getting lookup tables from DB
Index(es):
- Date
- Thread

PURCHASE STYLUS STUDIO ONLINE TODAY!

Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced!

Download The World's Best XML IDE!

Accelerate XML development with our award-winning XML IDE - Download a free trial today!

Subscribe in XML format

RSS 2.0
Atom 0.3

Stylus Studio has published XML-DEV in RSS and ATOM formats, enabling users to easily subcribe to the list from their preferred news reader application.

Stylus Studio Sponsored Links are added links designed to provide related and additional information to the visitors of this website. they were not included by the author in the initial post. To view the content without the Sponsor Links please click here.

XML Editor - Download a 15 Day Free Trial Now >

See What's New in Stylus Studio >

Buy Stylus Studio - XML Editor - Now >